How do you manage user accounts in 7 mode given the following scenarios:
Enable disabled user account:
Controller1> useradmin user list Test3
Allowed Capabilities: login-snmp
Password min/max age in days: 1/4294967295
Change user password for first login:
When security.passwd.firstlogin.enable is set to on and using the principal of least privilege, how do you change the intial password? Or let me ask, what is required to allow a user to change their password on first login if you are configuring SNMPv3 and only granting login-snmp? Do they need the ability to login through SSH, if so what other capabilities are required for the user to change their password. Let’s say the user only has login-snmp, login-ssh how would they change their password? There is no prompt when I login and I can login through SSH with the account with a status of expired. When I have these capabilities and try passwd , system log states that test needs the cli-passwd capability. If you grant that capability then that account can change any password.
Info: Rid: 11112
Password min/max age in days: 0/4294967295
Since you have not gotten an answer, you may want to ask this question in the NetApp Support Community. The current customers, partners and internal Subject Matter Experts are addressing technical product questions there.
The capability cli-passwd only provides the privileges to change the password on the users own account.
It does not provide the ability to change the password on other users accounts.
In order to change the password of other users accounts you need the security context privilege of security-passwd-change-others.